Combined Top-down and Bottom-up Approach 
to Multilevel Supervisory Control 

Jan Komenda, Tomas Masopust, and Jan H. van Schuppen 


Abstract—Recently, we have proposed two complementary approaches, top-down and bottom-up, to multilevel supervisory control of discrete-event systems. In this paper, we compare and combine these approaches. The combined approach has strong features of both approaches, namely, a lower complexity of the top-down approach with the generality of the bottom-up approach. We show that, for prefix-closed languages, a posteriori supervisors computed in the bottom-up manner do not alter maximal permissiveness within the three-level coordination control architecture, that is, the supremal three-level conditionally-controllable and conditionally-normal language can always be computed in a distributed way using multilevel coordination. Moreover, a general polynomial-time procedure for the non-prefix-closed case is proposed based on coordinators for nonblockingness and a posteriori supervisors. 

I. Introduction 

Discrete-event abstractions of complex engineering systems often have a modular structure and typically consist of either large Petri nets or a network (synchronous product) of finite automata. Supervisory control theory was introduced to provide a formal guarantee of safety and nonblockingness for these systems. Modular and decentralized supervisory control theories are especially relevant for large-scale systems and these are often combined with hierarchical control based on abstractions. Coordination control of distributed systems with synchronous communication was developed by the authors, see [8] and the references therein, in which a coordinator restricts the behavior of two or more subsystems so that, after further control synthesis, safety and nonblockingness of the distributed system are achieved. 

In order to further decrease the complexity of control synthesis, a multilevel coordination control framework was proposed in [4], where a single (central) coordinator at the top level of the standard (three-level) coordination control was replaced by group supervisors for different group systems at the lowest level. These coordinators together with their supervisors then form the middle (intermediate) level, while a (single) high-level coordinator is at the top level of the three-level coordination control. This architecture considerably limits the computational complexity due to relatively small event sets at the various levels. 

Recently, we proposed two complementary approaches, called top-down [4] and bottom-up [7], to multilevel supervisory control of discrete-event systems. We have developed constructive results in the top-down approach of [4], where it was shown under which conditions the maximally permissive solution for the three-level coordination control architecture exists, that is, the supremal three-level conditionally controllable languages. 

In this paper, we propose a combined approach, which can 
be described as a top-down design followed by a bottom-up 
computation. The combined approach combines the strong 
features, namely, the lower complexity of the top-down 
approach with the generality of the bottom-up approach. 
More specifically, we propose to complete the top-down 
design of coordinators from the high-level to the bottom-level 
by computing a posteriori supervisors on these coordinator 
alphabets in the opposite direction, i.e., in the bottom-up 
manner. The role of these supervisors is to enforce the 
sufficient conditions for distributed computation presented 
in [10], which are formulated as controllability and normality 
on all coordinator alphabets. Note that unlike the bottom-up 
approach of [7], we do not need to compute supervisors at the 
higher level, but only supervisors for individual subsystems 
at the lowest level are computed. 


Moreover, we show that for prefix-closed languages a posteriori supervisors do not alter maximal permissiveness within the three-level coordination control architecture, i.e., the supremal three-level conditionally-controllable and conditionally-normal languages can always be computed in the distributed way. In the general case of non-prefix-closed languages, we propose to compute coordinators for nonblockingness in the bottom-up manner in addition to the a posteriori supervisors. 


This paper has the following structure. In Section II, we recall the basic elements of supervisory control theory together with the basic (three-level) coordination control framework. In Section III, the multilevel coordination control framework is discussed and the strong points and drawbacks of the two existing approaches are compared. The main results of the paper are presented in Sections IV and V. In the former section, it is proven that in the combined approach based on a posteriori supervisors, the supremal three-level conditionally-controllable and conditionally-normal languages can always be computed in a distributed way. Then, in the latter section concerned with the non-prefix-closed case, a formal general procedure is presented, where a posteriori supervisors are combined with coordinators for nonblockingness. 



II. Preliminaries 

This section recalls the basic results about coordination control of partially observed DES with a single (centralized) coordinator. First, elementary notions and notation of supervisory control theory are recalled. The reader is referred to [2] for more details. 

Let $A$ be a finite nonempty set of events, and let $A^*$ denote the set of all finite words over $A$. The empty word is denoted by $\varepsilon$. 

A generator is a quintuple $G = (Q, A, f, q_0, Q_m)$, where $Q$ is the finite nonempty set of states, $A$ is the event set, $f : Q \times A \to Q$ is the partial transition function, $q_0 \in Q$ is the initial state, and $Q_m \subseteq Q$ is the set of marked states. In the usual way, the transition function $f$ can be extended to the domain $Q \times A^*$ by induction. The behavior of $G$ is described in terms of languages. The language generated by $G$ is the set $L(G) = \{s \in A^* \mid f(q_0, s) \in Q\}$ and the language marked by $G$ is the set $L_m(G) = \{s \in A^* \mid f(q_0, s) \in Q_m\} \subseteq L(G)$. 

A (regular) language $L$ over an event set $A$ is a set $L \subseteq A^*$ such that there exists a generator $G$ with $L_m(G) = L$. The prefix closure of $L$ is the set $\overline{L} = \{w \in A^* \mid \text{there exists } u \in A^* \text{ such that } wu \in L\}$; $L$ is prefix-closed if $L = \overline{L}$. 

A (natural) projection $P : A^* \to A_o^*$, for some $A_o \subseteq A$, is a homomorphism defined so that $P(a) = \varepsilon$, for $a \in A \setminus A_o$, and $P(a) = a$, for $a \in A_o$. The inverse image of $P$, denoted by $P^{-1} : A_o^* \to 2^{A^*}$, is defined as $P^{-1}(s) = \{w \in A^* \mid P(w) = s\}$. The definitions can naturally be extended to languages. The projection of a generator $G$ is a generator $P(G)$ whose behavior satisfies $L(P(G)) = P(L(G))$ and $L_m(P(G)) = P(L_m(G))$. 

A controlled generator with partial observations is a structure $(G, A_c, P, \Gamma)$, where $G$ is a generator over $A$, $A_c \subseteq A$ is the set of controllable events, $A_u = A \setminus A_c$ is the set of uncontrollable events, $P : A^* \to A_o^*$ is the projection, and $\Gamma = \{\gamma \subseteq A \mid A_u \subseteq \gamma\}$ is the set of control patterns. 

A supervisor for the controlled generator $(G, A_c, P, \Gamma)$ is a map $S : P(L(G)) \to \Gamma$. 

A closed-loop system associated with the controlled generator $(G, A_c, P, \Gamma)$ and the supervisor $S$ is defined as the smallest language $L(S/G) \subseteq A^*$ such that 

1) $\varepsilon \in L(S/G)$ and 

2) if $s \in L(S/G)$, $sa \in L(G)$, and $a \in S(P(s))$, then also $sa \in L(S/G)$. 

The marked behavior of the closed-loop system is defined as 

$$L_m(S/G) = L(S/G) \cap L_m(G).$$ 

Let $G$ be a generator over $A$, and let $K \subseteq L_m(G)$ be a specification. The aim of supervisory control theory is to find a nonblocking supervisor $S$ such that $L_m(S/G) = K$. The nonblockingness means that $\overline{L_m(S/G)} = L(S/G)$, hence $L(S/G) = \overline{K}$. It is known that such a supervisor exists if and only if $K$ is 

1) controllable with respect to $L(G)$ and $A_u$; that is, $\overline{K} A_u \cap L(G) \subseteq \overline{K}$, and 

2) observable with respect to $L(G)$, $A_o$, and $A_c$; that is, for all $s \in \overline{K}$ and $a \in A_c$, if $sa \notin \overline{K}$ and $sa \in L(G)$, then $P^{-1}[P(s)]a \cap \overline{K} = \emptyset$, where $P : A^* \to A_o^*$. 


The synchronous product (parallel composition) of languages $L_1 \subseteq A_1^*$ and $L_2 \subseteq A_2^*$ is defined by 

$$L_1 \parallel L_2 = P_1^{-1}(L_1) \cap P_2^{-1}(L_2) \subseteq A^*,$$ 

where $P_i : A^* \to A_i^*$, for $i = 1, 2$, are projections to local event sets. In terms of generators, it is known that $L(G_1 \parallel G_2) = L(G_1) \parallel L(G_2)$ and $L_m(G_1 \parallel G_2) = L_m(G_1) \parallel L_m(G_2)$, see [2] for more details. 

We need the following lemma, which should be obvious. 

Lemma 1: For any language $L \subseteq A^*$ and projections $P_1 : A^* \to B_1^*$ and $P_2 : A^* \to B_2^*$ with $B_2 \subseteq B_1 \subseteq A$, it holds that $P_1(L) \parallel P_2(L) = P_1(L)$. ■ 

Let $G$ be a generator over $A$, and let $Q : A^* \to A_o^*$ be a natural projection. A language $K \subseteq L(G)$ is normal with respect to $L(G)$ and $Q$ if $\overline{K} = Q^{-1}Q(\overline{K}) \cap L(G)$. 

Recall that controllability is preserved by the synchronous 
product. It is easy to show that the same holds for normality. 

Lemma 2: For $i = 1, 2, \ldots, n$, let $K_i \subseteq L_i$ be controllable with respect to $L_i \subseteq A_i^*$ and $A_{i,u}$, nonconflicting, and normal with respect to $L_i$ and $Q_i$, where $Q_i : A_i^* \to A_{i,o}^*$ are natural projections that define partial observations in subsystems. Then $\parallel_{i=1}^n K_i$ is controllable with respect to $\parallel_{i=1}^n L_i$ and $\bigcup_{i=1}^n A_{i,u}$ and normal with respect to $\parallel_{i=1}^n L_i$ and $Q$, where $Q : (\bigcup_{i=1}^n A_i)^* \to (\bigcup_{i=1}^n A_{i,o})^*$ is the natural projection that describes partial observations over the global alphabet. ■ 

Transitivity of controllability and normality is needed later. 

Lemma 3 ([4]): Let $K \subseteq L \subseteq M$ be languages over $A$ such that $K$ is controllable with respect to $L$ and $A_u$ and normal with respect to $L$ and $Q$, and $L$ is controllable with respect to $M$ and $A_u$ and normal with respect to $M$ and $Q$. Then $K$ is controllable with respect to $M$ and $A_u$ and normal with respect to $M$ and $Q$. ■ 

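Now we recall the basic notions of coordination control [8]. A language $K$ over $\bigcup_{i=1}^n A_i$ is conditionally decomposable with respect to alphabets $(A_i)_{i=1}^n$ and $A_k$, where $\bigcup_{1 \le i,j \le n,\, i \ne j} (A_i \cap A_j) \subseteq A_k \subseteq \bigcup_{j=1}^n A_j$, if 

$$K = \parallel_{i=1}^n P_{i+k}(K),$$ 

for projections $P_{i+k}$ from $\bigcup_{j=1}^n A_j$ to $A_i \cup A_k$, for $i = 1, 2, \ldots, n$. The alphabet $A_k$ is a coordinator alphabet and includes all shared events: 

$$A_{sh} = \bigcup_{1 \le i,j \le n,\, i \ne j} (A_i \cap A_j) \subseteq A_k.$$ 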

This has the following well-known impact. 

Lemma 4 ([3]): Let $P_k : A^* \to A_k^*$ be a projection, and let $L_i$ be a language over $A_i$, for $i = 1, 2, \ldots, n$, and let $A_{sh} \subseteq A_k$. Then $P_k(\parallel_{i=1}^n L_i) = \parallel_{i=1}^n P_k(L_i)$. ■ 
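
The following Python sketch is an added example, not code from the paper. It checks conditional decomposability and the projection identity of Lemma 4 on small finite prefix-closed languages; the alphabets A1, A2, the languages K, L1, L2 and all function names are constructed for illustration, and the brute-force search for a coordinator alphabet is an assumption of this example, not the method of [5].

```python
from itertools import combinations

def project(word, alphabet):
    """Natural projection: erase every event that is not in `alphabet`."""
    return tuple(e for e in word if e in alphabet)

def project_lang(lang, alphabet):
    return {project(w, alphabet) for w in lang}

def prefix_closure(lang):
    return {w[:i] for w in lang for i in range(len(w) + 1)}

def sync_words(u, v, a1, a2):
    """All words w over a1 | a2 whose projections to a1 and a2 are u and v."""
    if not u and not v:
        return {()}
    out = set()
    if u and u[0] not in a2:          # private event of the first component
        out |= {(u[0],) + w for w in sync_words(u[1:], v, a1, a2)}
    if v and v[0] not in a1:          # private event of the second component
        out |= {(v[0],) + w for w in sync_words(u, v[1:], a1, a2)}
    if u and v and u[0] == v[0]:      # shared event: both components move
        out |= {(u[0],) + w for w in sync_words(u[1:], v[1:], a1, a2)}
    return out

def sync_langs(parts):
    """Synchronous product of finite languages given as (language, alphabet)."""
    lang, alph = {()}, frozenset()
    for l, a in parts:
        lang = {w for u in lang for v in l for w in sync_words(u, v, alph, a)}
        alph = alph | a
    return lang

def shared_events(alphabets):
    """A_sh: events that occur in at least two local alphabets."""
    return frozenset(e for a, b in combinations(alphabets, 2) for e in a & b)

def is_cond_decomposable(K, alphabets, Ak):
    """Check K == ||_i P_{i+k}(K) for the coordinator alphabet Ak."""
    parts = [(project_lang(K, Ai | Ak), Ai | Ak) for Ai in alphabets]
    return sync_langs(parts) == K

def smallest_coordinator_alphabet(K, alphabets):
    """Brute force (not the method of [5]): smallest Ak containing A_sh
    that makes K conditionally decomposable. Ak = all events always works."""
    ash = shared_events(alphabets)
    rest = sorted(frozenset().union(*alphabets) - ash)
    for size in range(len(rest) + 1):
        for extra in combinations(rest, size):
            Ak = ash | frozenset(extra)
            if is_cond_decomposable(K, alphabets, Ak):
                return Ak

def lemma4_holds(parts, Ak):
    """Compare P_k(||_i L_i) with ||_i P_k(L_i) for finite languages."""
    lhs = project_lang(sync_langs(parts), Ak)
    rhs = sync_langs([(project_lang(l, Ak), a & Ak) for l, a in parts])
    return lhs == rhs

# Constructed sample data: two subsystems sharing the event "c".
A1, A2 = frozenset({"a1", "c"}), frozenset({"a2", "c"})
K = prefix_closure({("a1", "a2", "c")})    # specification: a1, then a2, then c
L1 = prefix_closure({("c", "a1")})         # local language over A1
L2 = prefix_closure({("a2",)})             # local language over A2, never does c

if __name__ == "__main__":
    # With Ak = A_sh = {c} the ordering of a1 and a2 is lost in the projections.
    print(is_cond_decomposable(K, [A1, A2], frozenset({"c"})))
    print(sorted(smallest_coordinator_alphabet(K, [A1, A2])))
    # Lemma 4 needs A_sh inside Ak: it holds for {c} and fails for {a1}.
    print(lemma4_holds([(L1, A1), (L2, A2)], frozenset({"c"})))
    print(lemma4_holds([(L1, A1), (L2, A2)], frozenset({"a1"})))
```

The search is exponential in the number of non-shared events and is only meant for toy inputs like the ones above.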

The problem of coordination control synthesis is now 
recalled. 

Problem 5: Let $G_i$, for $i = 1, 2, \ldots, n$, be local generators over the event sets $A_i$ of a modular plant $G = \parallel_{i=1}^n G_i$, and let $G_k$ be a coordinator over an alphabet $A_k$. Let $K \subseteq L(G \parallel G_k)$ be a specification language. Assume that $A_k \supseteq A_{sh}$ and that $K$ is conditionally decomposable with respect to event sets $(A_i)_{i=1}^n$ and $A_k$. 



The overall task $K$ is divided into the local subtasks and the coordinator subtask, cf. [11]. The supervisor $S_k$ for the coordinator will guarantee that $L(S_k/G_k) \subseteq P_k(K)$. Similarly, the supervisors $S_i$ will guarantee that $L(S_i/[G_i \parallel (S_k/G_k)]) \subseteq P_{i+k}(K)$, for $i = 1, 2, \ldots, n$. 

The problem is to determine the supervisors $S_1, S_2, \ldots, S_n$, and $S_k$ such that 

$$\parallel_{i=1}^n L_m(S_i/[G_i \parallel (S_k/G_k)]) = K. \qquad \triangleleft$$ 

The main existential result for a prefix-closed specification 
K is the special case of Theorem 13 of [9] extended to 
general n>2. 

Theorem 6: [9] Consider the setting of Problem 5. There exist supervisors $S_1, S_2, \ldots, S_n$ and $S_k$ based on partial observations such that 

$$\parallel_{i=1}^n L(S_i/[G_i \parallel (S_k/G_k)]) = K \qquad (1)$$ 

if and only if $K$ is 

1) conditionally controllable with respect to the generators $G_i$ and $G_k$ and the uncontrollable sets $A_{i,u}$ and $A_{k,u}$, for $i = 1, 2, \ldots, n$, and 

2) conditionally observable with respect to the generators $G_i$ and $G_k$, the event sets $A_{i,c}$ and $A_{k,c}$, and the projections $Q_{i+k}$ and $Q_k$ from $A_i^*$ to $A_{i,o}^*$, for $i = 1, 2, \ldots, n$. ■ 

Recall that $K \subseteq L(G_1 \parallel G_2 \parallel \cdots \parallel G_n \parallel G_k)$ is conditionally controllable for generators $G_1, G_2, \ldots, G_n$ and a coordinator $G_k$ and uncontrollable alphabets $A_{i,u}$, $i = 1, 2, \ldots, n$, and $A_{k,u}$ if $P_k(K)$ is controllable with respect to $L(G_k)$ and $A_{k,u}$, and $P_{i+k}(K)$ is controllable with respect to $L(G_i) \parallel P_k(K)$ and $A_{i+k,u} = (A_i \cup A_k) \cap A_u$, for $i = 1, 2, \ldots, n$. 

For coordination control with partial observations, the notion of conditional observability is of the same importance as observability for monolithic supervisory control theory with partial observations. We recall that the supervisors $S_i$, $i = 1, 2, \ldots, n$, are supervisors based on partial observations, because they have only information about observable events from $A_{i,o}$ and observable coordinator events $A_{k,o}$, but do not observe events from $A_{i+k} \setminus (A_{i,o} \cup A_{k,o})$. 

A language $K \subseteq L(G_1 \parallel G_2 \parallel \cdots \parallel G_n \parallel G_k)$ is conditionally observable with respect to the generators $G_i$ and $G_k$, controllable sets $A_{i,c}$ and $A_{k,c}$, and projections $Q_{i+k}$ and $Q_k$, where $Q_i : A_i^* \to A_{i,o}^*$, for $i = 1, 2, \ldots, n$, if $P_k(K)$ is observable with respect to $L(G_k)$, $A_{k,c}$, $Q_k$, and $P_{i+k}(K)$ is observable with respect to $L(G_i) \parallel P_k(K)$, $A_{i+k,c} = A_c \cap (A_i \cup A_k)$, and $Q_{i+k}$, for $i = 1, 2, \ldots, n$. 

The coordination control theory has been extended to 
the non-prefix-closed case in [8]. The extension consists 
in introducing coordinators for nonblockingness based on 
abstractions that are natural observers. We now state an 
important result from [8, Theorem 7] extended to general 
n>2. 

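Theorem 7: Consider a modular plant with local marked languages $L_i = L_m(G_i) \subseteq A_i^*$, $i = 1, 2, \ldots, n$, and let projections $P_k : A_i^* \to (A_i \cap A_k)^*$, with shared events included in $A_k$, be an $L_i$-observer, for $i = 1, 2, \ldots, n$. Define $C_k$ as the nonblocking generator with $L_m(C_k) = \parallel_{i=1}^n P_k(L_i)$ with notation $L_k = L_m(C_k)$, i.e., $L(C_k) = \overline{L_k} = \overline{\parallel_{i=1}^n P_k(L_i)}$. Then the coordinated system $G \parallel C_k$ is nonblocking, i.e., $\overline{\parallel_{i=1}^n L_i \parallel L_m(C_k)} = \parallel_{i=1}^n \overline{L_i} \parallel \overline{L_m(C_k)}$. 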

III. Three-level coordination control 

Since too many events may need to be included in the 
coordinator alphabet for systems with a large number of sub¬ 
systems, the top-down approach with three-level coordination 
control has been proposed in [4]. 

Given a modular system $G = G_1 \parallel G_2 \parallel \cdots \parallel G_n$, the three-level hierarchical structure depicted in Fig. 1 makes it possible to add coordinator events only locally (to low-level group coordinators). 

The event sets of low-level groups Ij, j = 1,2,... ,m, are 
denoted by 



Recall that $P_{I_r}$ denotes the projection $P_{I_r} : A^* \to A_{I_r}^*$. Then $P_{I_r+k} : A^* \to (A_{I_r} \cup A_k)^*$ stands for the projection to the group alphabets extended with the high-level coordinator events. Similarly, $P_{j+k_r+k} : A^* \to (A_j \cup A_{k_r} \cup A_k)^*$ denotes the projection to the alphabet $A_j$ of an automaton $G_j$ belonging to the group $I_r$ extended with the alphabet $A_{k_r}$ of the group coordinator of the low-level group $I_r$ and the high-level coordinator alphabet $A_k$. 

We start by constructing $A_k \supseteq A_{sh} = \bigcup_{j,\ell \in \{1,2,\ldots,m\},\, j \ne \ell} (A_{I_j} \cap A_{I_\ell})$ such that $K = \parallel_{j=1}^m P_{I_j+k}(K)$. Note that $A_{sh}$, that is, the set of events shared by the low-level groups, is much smaller than the set of all shared events. The reason is that the events shared only among subsystems belonging to a given low-level group do not count for $A_{sh}$. An algorithm to construct $A_k$ as an extension of $A_{sh}$ making the first equation of Definition 8 below hold true is described in [5]. 

In order to simplify the notation and definitions, we have included in [4] into the group coordinator alphabets $A_{k_j}$ all events from the global coordinator by defining $A_{k_j} := A_{k_j} \cup A_k$, for $j = 1, 2, \ldots, m$. This simplification enables us to use only the group coordinators $G_{k_j}$ in all the definitions below, which is more concise than using $G_{k_j} \parallel G_k$, but we have to bear in mind that from now on $G_{k_j}$ may also contain the high-level coordinator events from other groups than $I_j$. 

Definition 8 (3-level conditional decomposability): [4] A language $K \subseteq A^*$ is said to be three-level conditionally decomposable with respect to the alphabets $A_1, A_2, \ldots, A_n$, the high-level coordinator alphabet $A_k$, and the low-level coordinator alphabets $A_{k_1}, A_{k_2}, \ldots, A_{k_m}$ if 

$$K = \parallel_{j=1}^m P_{I_j+k}(K) \quad \text{and} \quad P_{I_j+k}(K) = \parallel_{i \in I_j} P_{i+k_j}(K)$$ 

for $j = 1, 2, \ldots, m$. $\triangleleft$ 

Definition 8 makes sense, because on the right-hand side of the second equation $P_{i+k_j}(K)$ includes all events from both the group coordinator $A_{k_j}$ and the high-level coordinator $A_k$. 

Problem 9 (Three-level coordination control problem): Consider the modular system $G = G_1 \parallel G_2 \parallel \cdots \parallel G_n$ along with the three-level hierarchical structure of the subsystems organized into groups $I_j$, $j = 1, 2, \ldots, m < n$, on the low level. The synchronous products $\parallel_{i \in I_j} G_i$, $j = 1, 2, \ldots, m$, then represent the $m$ high-level systems. The coordinators $G_{k_j}$ are associated to groups of subsystems $\{G_i \mid i \in I_j\}$, $j = 1, 2, \ldots, m$. The three-level coordination control problem consists in synthesizing the supervisor $S_i$ for every low-level system $G_i$, $i = 1, 2, \ldots, n$, and the high-level supervisor $S_{k_j}$ supervising the group coordinator $G_{k_j}$, $j = 1, 2, \ldots, m$, such that the specification $K = \overline{K} \subseteq L(G)$ is met by the closed-loop system, i.e., 

$$\parallel_{j=1}^m \parallel_{i \in I_j} L(S_i/[G_i \parallel (S_{k_j}/G_{k_j})]) = K. \qquad \triangleleft$$ 

Fig. 1. The multilevel control architecture under consideration. 

Low-level (group) coordinators $G_{k_j}$, $j = 1, 2, \ldots, m$, are computed using Algorithm 1 below. 

Algorithm 1 Computation of the group coordinators. 

For a specification $K$, the coordinator $G_{k_j}$ of the $j$-th group of subsystems $\{G_i \mid i \in I_j\}$ is computed as follows. 

1) Set $A_{k_j}$ to be the set of all shared events of systems from the group $I_j$. 

2) Extend $A_{k_j}$ so that $P_{I_j+k}(K)$ is conditionally decomposable with respect to $A_i$, $i \in I_j$, and $A_{k_j}$, for instance using a method described in [5]. 

3) Set the coordinator equal to $G_{k_j} = \parallel_{i=1}^n P_{k_j}(G_i)$. 

Recall that due to the extension of $A_{k_j}$ by high-level coordinator events, $A_k \subseteq A_{k_j}$, hence $L(G_k) \parallel L(G_{k_j})$ of [6] is reduced to $L(G_{k_j})$. Indeed, by our choice of the coordinators, $L(G_k) \parallel L(G_{k_j}) = P_k(L) \parallel P_{k_j}(L) = P_{k_j}(L) = L(G_{k_j})$, where $L = \parallel_{i=1}^n L(G_i)$ is the global plant language and the second equality holds by Lemma 1. Therefore, instead of the low-level coordinators $G_{k_j}$, $j = 1, 2, \ldots, m$, for subsystems belonging to the individual groups $\{G_i \mid i \in I_j\}$ and the high-level coordinators $G_k$ that coordinate the different groups, we are using only the low-level (group) coordinators $G_{k_j}$, but over larger alphabets compared to [6]. 

Since the only known condition ensuring that the projected generator is smaller than the original one is the observer property [13], we might need to further extend the alphabets $A_{k_j}$ so that the projection $P_{k_j}$ is an $L(G_i)$-observer, for all $i \in I_j$. 

The key concept is the following. 

Definition 10 ([6]): Consider the setting and notations of Problem 9, and let $G_k$ be a coordinator. A language $K \subseteq L(\parallel_{i=1}^n G_i)$ is three-level conditionally controllable with respect to the generators $G_1, G_2, \ldots, G_n$, the local alphabets $A_1, A_2, \ldots, A_n$, the low-level coordinator alphabets $A_{k_1}, A_{k_2}, \ldots, A_{k_m}$, and the uncontrollable alphabet $A_u$ if for all $j = 1, 2, \ldots, m$ 

1) $P_{k_j}(K)$ is controllable with respect to $L(G_{k_j})$ and $A_{k_j,u}$, 

2) $P_{i+k_j}(K)$ is controllable with respect to $L(G_i) \parallel P_{k_j}(K)$ and $A_{i+k_j,u}$, for all $i \in I_j$. $\triangleleft$ 

For the sake of brevity, $K$ will be called three-level conditionally controllable with respect to $G_i$, $i \in I_\ell$, and $G_{k_\ell}$, where some sets are not referenced. 

For multilevel systems with partial observations, three-level conditional observability, cf. [10], is needed. Unfortunately, it is not closed under language unions and, therefore, three-level conditional normality has been proposed in [10], where it is shown that the supremal three-level conditionally normal language always exists. 

Definition 11: A language $K \subseteq L(\parallel_{i=1}^n G_i)$ is three-level conditionally normal with respect to the generators $G_1, G_2, \ldots, G_n$, the local alphabets $A_1, A_2, \ldots, A_n$, the low-level coordinator alphabets $A_{k_1}, A_{k_2}, \ldots, A_{k_m}$, and the corresponding natural projections if for all $j = 1, 2, \ldots, m$ 

1) $P_{k_j}(K)$ is normal with respect to $L(G_{k_j})$ and $Q_{k_j}$, 

2) $P_{i+k_j}(K)$ is normal with respect to $L(G_i) \parallel P_{k_j}(K)$ and $Q_{i+k_j}$, for all $i \in I_j$. $\triangleleft$ 

The computation of the supremal three-level conditionally controllable and conditionally normal sublanguage of $K$, denoted by $\mathrm{supmcCN}(K, L, A, Q)$, has been studied in [10]. We have shown that under some controllability and normality conditions on all coordinator alphabets it can be computed in a distributed way based on the following languages corresponding to supervisors for low-level group coordinators and local supervisors for individual subsystems, respectively. For all $j = 1, 2, \ldots, m$ and $i \in I_j$, 

$$\mathrm{supCN}_{k_j} = \mathrm{supCN}(P_{k_j}(K), L(G_{k_j}), A_{k_j,u}, Q_{k_j}) \qquad (1)$$ 

$$\mathrm{supCN}_{i+k_j} = \mathrm{supCN}(P_{i+k_j}(K), L(G_i) \parallel \mathrm{supCN}_{k_j}, A_{i+k_j,u}, Q_{i+k_j})$$ 

where $\mathrm{supCN}(K, L, A_u, Q)$ denotes the supremal sublanguage of $K$ controllable with respect to $L$ and $A_u$ and normal with respect to $L$ and the natural projection $Q$, see [2]. 

As in the centralized coordination, the following inclusion 
always holds true. 

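Lemma 12: For all $j = 1, 2, \ldots, m$ and for all $i \in I_j$, we have that $P_{k_j}^{i+k_j}(\mathrm{supCN}_{i+k_j}) \subseteq \mathrm{supCN}_{k_j}$. 

Proof: The proof follows immediately from the definition of $\mathrm{supCN}_{i+k_j}$. Indeed, we have that $P_{k_j}^{i+k_j}(\mathrm{supCN}_{i+k_j}) \subseteq \mathrm{supCN}_{k_j}$, because $\mathrm{supCN}_{k_j}$ is part of the plant language of $\mathrm{supCN}_{i+k_j}$ over the alphabet $A_{k_j}$. ■ 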

We recall the notation for the closed-loop corresponding to group $I_j$, i.e. $\mathrm{supcCN}_j = \parallel_{i \in I_j} \mathrm{supCN}_{i+k_j}$ for $j = 1, 2, \ldots, m$. 

The main result of [10] is now recalled. 

Theorem 13 ([10]): Consider Problem 9 and the languages defined in (1). For $j = 1, 2, \ldots, m$ and $i \in I_j$, let the languages $P_{k_j}^{i+k_j}(\mathrm{supCN}_{i+k_j})$ be controllable with respect to $L(G_{k_j})$ and $A_{k_j,u}$, and normal with respect to $L(G_{k_j})$ and $Q_{k_j}$, and let $P_k(\mathrm{supcCN}_j)$ be controllable with respect to $L(G_k)$ and $A_{k,u}$, and normal with respect to $L(G_k)$ and $Q_k$. Then 

$$\mathrm{supmcCN}(K, L, A, Q) = \parallel_{j=1}^m \parallel_{i \in I_j} \mathrm{supCN}_{i+k_j}.$$ 


IV. Combined Approach to Multilevel 
Coordination Control of Modular DES 

Recently, we have proposed two different constructive approaches to multilevel supervisory control: bottom-up [7] and top-down [4]. The bottom-up approach relies only on the original notions of conditional decomposability and conditional controllability of the specification language, while the top-down approach requires the specification to be conditionally decomposable and conditionally controllable with respect to the multilevel architecture. In the top-down approach, the specification is decomposed a priori in the top-down manner: firstly, with respect to the high-level coordinator alphabet and then with respect to the group coordinators for all low-level groups of subsystems. The advantage of the top-down approach is that, for prefix-closed specifications, the computation at the lowest level consists in constructing supervisors for individual subsystems and no further computation at the higher level is needed. 

However, the least restrictive supervisors can only be computed under some conditions. We have presented in [4] the sufficient conditions for distributed computation of full observation supervisors yielding the maximally permissive solution in the three-level hierarchical control architecture. This condition has been generalized in [10] in two directions: to partial observations and to weaker sufficient conditions for the distributed computation of local supervisors assisted by coordinators. These weaker sufficient conditions are homogeneous, i.e., they are both formulated in terms of controllability and normality for both hierarchical interfaces: between the low level and the middle level and between the middle level and the top level. 

In this section all languages are assumed to be prefix-closed. In the general case with non-prefix-closed specifications, the individual supervisors of the groups can be conflicting and also the group supervisors on the higher level might be conflicting. Therefore, additional coordinators for nonblocking should be constructed at all levels, which is presented in the next section. 

To conclude, the main drawback of the top-down approach is the lack of generality: the blocking issue and the restrictive conditions for a distributed computation of the maximally permissive solution: supremal three-level conditionally controllable sublanguages. 

In this paper, we propose a combined approach that can be described as a top-down decomposition followed by a bottom-up computation. This proposed approach combines the strong features of both approaches, namely the low complexity of the top-down approach with the generality of the bottom-up approach that enables effective synthesis of both a posteriori supervisors to make sufficient conditions for distributed computation of supervisors hold and of coordinators for nonblocking. 

It is then natural to impose controllability and normality of 
low-level supervisors with respect to group coordinators and 
also controllability and normality of group supervisors with 
respect to the high coordinator at the very top level. In this 
paper, we will show that these supervisors can be synthesized 
in the bottom-up manner, i.e., we start with the supervisors 
on coordinator alphabets of each low-level group. 

In the case that controllability of the projected low-level supervisors with respect to the group coordinators and/or controllability of projected group supervisors with respect to the top coordinator from Theorem 13 do not hold, a posteriori supervisors on respective coordinator alphabets can be synthesized to make these conditions hold. 

We will show that both a posteriori supervisors and coordinators for nonblocking can be computed in the bottom-up manner. This is the main message of this paper: first, we perform a top-down design of coordinators based on two-level decomposition of the specification and this top-down design is followed by a bottom-up computation of a posteriori supervisors and coordinators for nonblocking. 

It is easy to show that the language $\parallel_{i \in I_j} \mathrm{supCN}_{i+k_j}$ of Theorem 13 further restricted by a posteriori supervisors will always satisfy all controllability and normality conditions required in Theorem 13. It appears that controllability and normality conditions on the low-level coordinator alphabets and on the high-level coordinator alphabet can be imposed by a posteriori supervisors defined as follows. 

We first compute a posteriori supervisors on the low-level coordinator alphabets $A_{k_j}$, $j = 1, 2, \ldots, m$, by 

$$\mathrm{supCN}_{k_j} = \bigcap_{i \in I_j} \mathrm{supCN}(P_{k_j}(\mathrm{supCN}_{i+k_j}), L(G_{k_j}), A_{k_j,u}, Q_{k_j}). \qquad (2)$$ 


This supervisor will guarantee controllability and normality with respect to the group coordinator alphabets as required in Theorem 13. It should be noticed that 

supCN^. = supCN(T’i:.(||,e/. 

(3) 

but the former distributed form is more suitable for computation of a posteriori supervisors $\mathrm{supCN}_{k_j}$ on group coordinator alphabets because of obvious complexity reasons. Otherwise stated, the a posteriori supervisors can be distributed and their roles consist simply in replacing local supervisors for individual subsystems $G_i$ at the lowest level, $\mathrm{supCN}_{i+k_j}$, by 

$$\mathrm{supCN}_{i+k_j} \parallel \mathrm{supCN}_{k_j} = \mathrm{supCN}_{i+k_j} \parallel \bigcap_{i \in I_j} \mathrm{supCN}(P_{k_j}(\mathrm{supCN}_{i+k_j}), L(G_{k_j})). \qquad (4)$$ 

Moreover, we show in Theorem 14 that the restriction induced by the supervisor does not alter maximal permissiveness. Then we compute the a posteriori supervisor on the high-level coordinator alphabet by 

$$\mathrm{supCN}_k = \mathrm{supCN}(P_k(\parallel_{j=1}^m \mathrm{supcCN}_j), L(G_k), A_{k,u}, Q_k),$$ 

where $\mathrm{supcCN}_j = \parallel_{i \in I_j} \mathrm{supCN}_{i+k_j} \parallel \mathrm{supCN}_{k_j}$ is the resulting group supervisor. The supervisor $\mathrm{supCN}_k$ will guarantee controllability and normality with respect to the high-level coordinator $L(G_k)$. 

Note that it is easy to see that $\mathrm{supCN}_k$ can be computed in the modular way as follows: 

$$\mathrm{supCN}_k = \parallel_{j=1}^m \mathrm{supCN}(P_k(\mathrm{supcCN}_j), L(G_k), A_{k,u}, Q_k). \qquad (5)$$ 


This is a very special case of modular control with multiple prefix-closed specifications [12] for a single plant $G_k$. By assumption, all languages involved are prefix-closed, hence the languages in the intersection are trivially nonconflicting, which is required for preserving normality and controllability under intersection. 

It can be shown that the language $M$ further restricted by these supervisors will always satisfy all controllability and normality conditions required in Theorem 13. Somewhat surprisingly, it can be shown that these a posteriori supervisors do not alter another important property: supremality. The result below shows that the solution is still minimally restrictive with respect to our two level coordination control architecture, which is formally shown in the second inclusion of the proof. 

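Theorem 14: Consider the setting of Theorem 13. Then 

$$\mathrm{supmcCN}(K, L, A, Q) = \Big(\parallel_{j=1}^m \big(\parallel_{i \in I_j} \mathrm{supCN}_{i+k_j}\big) \parallel \mathrm{supCN}_{k_j}\Big) \parallel \mathrm{supCN}_k,$$ 

where a posteriori supervisors $\mathrm{supCN}_k$ and $\mathrm{supCN}_{k_j}$ are defined in equations (5) and (2), respectively. 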

Proof: For simplicity, denote $\mathrm{supmcCN}(K, L, A, Q) = \mathrm{supmcCN}$, and let us use the notation 

$$M_j = \mathrm{supcCN}_j = \parallel_{i \in I_j} \mathrm{supCN}_{i+k_j} \parallel \mathrm{supCN}_{k_j}$$ 

for the resulting language of the (centralized) coordination control for each group $I_j$, $j = 1, 2, \ldots, m$. We denote 

$$M = \parallel_{j=1}^m M_j \parallel \mathrm{supCN}_k.$$ 

Hence, we need to show that $\mathrm{supmcCN} = \parallel_{j=1}^m M_j$. 

In order to show the inclusion $M \subseteq \mathrm{supmcCN}$, it suffices to prove that $M$ is three-level conditionally controllable and conditionally normal with respect to $G_i$, $i \in I_\ell$, and $G_{k_\ell}$, for $\ell = 1, 2, \ldots, m$. Then, since both $M$ and $\mathrm{supmcCN}$ are sublanguages of $K$, and $\mathrm{supmcCN}$ is the supremal one having these properties, it will follow that $M \subseteq \mathrm{supmcCN}$. 

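For items 1 of three-level conditional controllability and conditional normality, we show that, for any $j = 1, 2, \ldots, m$, $M_j$ is conditionally controllable and conditionally normal with respect to $G_i$, $i \in I_j$, $L(G_{k_j})$, $A_{k_j,u}$, and $Q_{k_j}$. First, note that 

$$P_{k_j}(M) = P_{k_j}(\parallel_{\ell=1}^m M_\ell \parallel \mathrm{supCN}_k) = P_{k_j}(M_j) \parallel \parallel_{\ell=1,2,\ldots,m}^{\ell \ne j} P_{k_j}(M_\ell) \parallel \mathrm{supCN}_k$$ 

because $A_{k_j} \supseteq A_k$ and $A_{k_j}$ contains all shared events in the composition. Moreover, $P_{k_j}(M_j) = P_{k_j}(\parallel_{i \in I_j} \mathrm{supCN}_{i+k_j} \parallel \mathrm{supCN}_{k_j}) = \bigcap_{i \in I_j} P_{k_j}(\mathrm{supCN}_{i+k_j}) \cap \mathrm{supCN}_{k_j}$, because of Lemma 4 and the fact that $A_{k_j}$ contains all shared events of subsystems of the group $I_j$. 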

It is then easy to see that $P_{k_j}(M_j) = \mathrm{supCN}_{k_j}$ is controllable and normal with respect to $L(G_{k_j})$, $A_{k_j,u}$, and $Q_{k_j}$. We now show $M_j$, $j = 1, 2, \ldots, m$, are conditionally controllable and conditionally normal with respect to their groups $G_i$, $i \in I_j$, and $G_{k_j}$. 

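Since the distributivity holds due to Lemma 4, $P_{i+k_j}(M_j) = P_{i+k_j}(\parallel_{i' \in I_j} \mathrm{supCN}_{i'+k_j} \parallel \mathrm{supCN}_{k_j}) = \parallel_{i' \in I_j} P_{i+k_j}(\mathrm{supCN}_{i'+k_j}) \parallel \mathrm{supCN}_{k_j} = \mathrm{supCN}_{i+k_j} \parallel \parallel_{i' \in I_j}^{i' \ne i} P_{k_j}(\mathrm{supCN}_{i'+k_j}) \parallel \mathrm{supCN}_{k_j}$. Observe that 

$$P_{i+k_j}(M_j) = \mathrm{supCN}_{i+k_j} \parallel P_{k_j}(M_j),$$ 

since $\mathrm{supCN}_{i+k_j} \parallel P_{k_j}(\parallel_{i' \in I_j} \mathrm{supCN}_{i'+k_j} \parallel \mathrm{supCN}_{k_j}) = \mathrm{supCN}_{i+k_j} \parallel \parallel_{i' \in I_j} P_{k_j}(\mathrm{supCN}_{i'+k_j}) \parallel \mathrm{supCN}_{k_j} = \mathrm{supCN}_{i+k_j} \parallel \parallel_{i' \in I_j}^{i' \ne i} P_{k_j}(\mathrm{supCN}_{i'+k_j}) \parallel \mathrm{supCN}_{k_j} = P_{i+k_j}(M_j)$. 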

Therefore, by Lemma 2, $P_{i+k_j}(M_j)$ is controllable and normal with respect to $[L(G_i) \parallel \mathrm{supCN}_{k_j}] \parallel P_{k_j}(M_j) = L(G_i) \parallel P_{k_j}(M_j)$, where the last equality is by the fact that $P_{k_j}(M_j) \subseteq \mathrm{supCN}_{k_j}$, for any $j = 1, 2, \ldots, m$ and $i \in I_j$. 

Altogether, $M_j$, $j = 1, 2, \ldots, m$, are conditionally controllable and conditionally normal with respect to their groups $G_i$, $i \in I_j$, and $G_{k_j}$. 

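Furthermore, for $\ell = 1, 2, \ldots, m$, $\ell \ne j$, 

$$P_{k_j}(M_\ell) = P_k(M_\ell), \qquad (6)$$ 

because $M_\ell \subseteq A_{I_\ell}^*$, $A_k \subseteq A_{k_j} \subseteq A_{I_j} \cup A_k$, $A_{I_j} \cap A_{I_\ell} \subseteq A_k$, whence $A_{k_j} \cap A_{I_\ell} = A_k \cap A_{I_\ell}$. 

Now, we have $P_k(M_\ell) \parallel \mathrm{supCN}_k = P_k(\parallel_{i \in I_\ell} \mathrm{supCN}_{i+k_\ell} \parallel \mathrm{supCN}_{k_\ell}) \parallel \mathrm{supCN}_k = \mathrm{supCN}_k$. 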



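This is because 

$$\mathrm{supCN}_k = \parallel_{j=1}^m \mathrm{supCN}(P_k(\mathrm{supcCN}_j), L(G_k), A_{k,u}, Q_k) \qquad (7)$$ 

$$= \parallel_{j=1}^m \mathrm{supCN}(P_k(\parallel_{i \in I_j} \mathrm{supCN}_{i+k_j}), L(G_k), A_{k,u}, Q_k) \qquad (8)$$ 

$$= \parallel_{j=1}^m \bigcap_{i \in I_j} \mathrm{supCN}(P_k(\mathrm{supCN}_{i+k_j}), L(G_k), A_{k,u}, Q_k).$$ 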

Therefore, $P_k(M_\ell) \parallel \mathrm{supCN}_k = \mathrm{supCN}_k$ are controllable and normal with respect to $L(G_k)$, $A_{k,u}$, and $Q_k$, for $\ell = 1, 2, \ldots, m$. 

Altogether, in accordance with Lemma 2, we obtain that $P_{k_j}(M) = \parallel_{\ell=1}^m P_{k_j}(M_\ell) \parallel P_{k_j}(\mathrm{supCN}_k) = P_{k_j}(M_j) \parallel \parallel_{\ell=1,2,\ldots,m}^{\ell \ne j} P_k(M_\ell) \parallel \mathrm{supCN}_k$ is controllable and normal with respect to $L(G_{k_j}) \parallel L(G_k)$. We recall that $L(G_{k_j}) \parallel L(G_k) = L(G_{k_j})$. Therefore, $P_{k_j}(M)$ is controllable with respect to $L(G_{k_j})$ and $A_{k_j,u}$, and normal with respect to $L(G_{k_j})$ and $Q_{k_j}$. This shows items 1 of both three-level conditional controllability and conditional normality. 

In order to show item 2 of three-level conditional controllability
and conditional normality, it must be shown that
Pi+k,{M) = Pi+kj{\\’i=\ Mi II supCN^) is controllable with 
respect to T(G,) || Pkj{M) and Ai+kj,u, and normal with 
respect to T(G;) || Pkj{M) and Qi+kj- Note that Pk.{M) = 
Pkj{Mj) II supCN^^ because due to A,t^. C 

Ak we have (supCN^j. = supCN^. 

In a similar way as above, we get 

Pi+k,iM)^Pt+k,iMj) \\\\ti2,...,mPt+kjiMi) II Pi+kjisu^N,) 
= Pi+k,{Mj) \\\\TJ, 2 ,...,n,PkjiMi) II supCN, 

since, for j ^ £, Ai. n A/^ GAk^ Akj fulfills the requirements 
of Lemma which justifies the first equation. Moreover, it
also implies that Pi+kj{Mi) = Pk{Mi) = Pk.{Mi), see equation (6),
which justifies the second equation. Furthermore,
from above We recall at this point that Mj are conditionally
controllable and conditionally normal with respect to their
groups Gi, i ∈ Ij, the group coordinators L{Gkj), whence
for all j = 1,2,...,m and for all i ∈ Ij we have that
Pi^kj{Mj) are controllable and normal with respect
to L{Gi) II Pkj{Mj), A,and Qi+kj. It is obvious that
languages Pkj{Mi) for i=l,2,...,m, j, are controllable
and normal with respect to themselves. Finally, supCN^ is
controllable and normal with respect to itself.

Therefore, according to Lemma 2, Pi+kj(M) is
controllable and normal with respect to [L{G,) || Pk-{Mj)] || 
\\T=^,...,mPk,m II supCN, = LjG,-) II \\UPk,{Mi) II 
supCN, =L(G,-) II Pk,{rUMi) II supCN, =L(G,-) || 

Ai+k-,u7 and Qi+k-, which was to be shown. Note that 
distributivity Pi+k]{\\%, Mi) = 117^^ Pi+k, {Mi) holds true 
in accordance with Lemma 4 because Ai+kj contains A,^^-
and Ai+k contains all shared events of languages Pi+kj{Mi)
over their respective alphabets A/^+,, i= \,2,...,m. More 
precisely, for i G Ij we have that 

A/, iff = ; 

A]g otherwise 


The converse supmcCN C (||7=i (lli'e/y || 

supCNkj) II supCN'i^ will be proven by showing that for all 
i = l,2,...,m and for all i G Ij, 

T’l+ij (supmcCN) C supCN,+^. || supCN^^. || supCNj,. (9) 

According to the definition of synchronous product, Eq. 
is equivalent to three separate inclusions 

(i) supmcCN) C supCN,+^^. 

(ii) /supmcCN) C (F'+'^Z-isupCN,^ 

(iii) P,+i:/supmcCN) C (P^^^/^'supCN(, 

The first inclusion is not hard to see. Indeed, from 
the definitions of conditional controllability and conditional 
normality, Pi+k .(supmcCN) is controllable and normal with 
respect to L(G,) || Fit/supmcCN), Ai+kj,u, and Qi+kj. Furthermore,
L{Gi) II Fit/supmcCN) is controllable and normal
with respect to L(G,) || supCN^;,^., Ai+kj,u, and Qi+kj, because 
supmcCN) being controllable and normal with respect 
to L{Gkj) is also controllable and normal with respect to 
the smaller language supCN^ C L{Gkj). Therefore, using 
transitivity of controllability and normality (Lemma [^, 
Pi+k .(supmcCN) is controllable and normal with respect to 
L{Gi) II supCN^^, Ai+kj^u and Qi+kj. 

The proof of the other two inclusions is more involved.
First, note that (ii) is equivalent to the inclusion
Pk ^Pi+k .(supmcCN) C supCNjj,., and that P^t/supmcCN) = 
/ ~\~Jc * 

Pk ^T’l+i/supmcCN). Hence, it is equivalent to the inclusion
Pi./supmcCN) C supCN^ . We recall at this point that

supCN^^. = ||,g/. supCN(Pa./supCN,.+^/,L(Ga:/,A4.,„,2*:/. 
By the definition of the three-level conditionally controllable
and normal languages, P|(./supmcCN) is controllable
with respect to L{Gkj) and normal with respect to
L{Gkj) and Qkj. Clearly, P^/supmcCN) C Pk.{K). Now, 
supCN(P^/supCN,.+^p,L(Gi/,AA-^._„,2,t/ is the supremal 
sublanguage of P<;/supCN,_|_^ ), which is controllable and 
normal with respect to L{Gkj) and Qkj. Hence, we obtain that 
P/t/supmcCN) C supCNj;,^ provided (supmcCN) is also 
a sublanguage of Pi/supCN;_|_^ ). Thus, it remains to show 
that Pkj (supmcCN) C Pkj (supCN,_|_j;.^.). However, it holds that 
Pi+k .(supmcCN) C supCNj-^j;,., because F/^yt/supmcCN) is, 
by definition of the three-level conditionally controllable and
normal languages, a sublanguage of Pi+kj{K) that is controllable
and normal with respect to L(G;) || P|(./supmcCN) and
Qkj, i.e., it is by transitivity of Lemma (and the fact that 
the synchronous product preserves both controllability and
normality for nonconflicting languages) controllable and normal
with respect to L(G,) || L{Gkj) and Qkj. Since supCN^;,^. C
L{Gkj), we obtain that supmcCN) is controllable and 
normal with respect to L(G,) || supCN^;,^ and Qkj. Therefore, 
Pi+k .(supmcCN) has to be included in supCN,_|_j;, , which is 
the supremal sublanguage of Pi+kj{K) that is controllable and 
normal with respect to L(G,) || supCN^;,. and Qkj. 

Finally, inclusion (iii) can be shown using the same 
arguments as in (ii). ■ 


V. General Case: A Posteriori Supervisors
Combined with Coordinators for Nonblocking


In the previous section we have shown that a posteriori
supervisors enable us to compute maximally permissive
supervisors for our three-level coordination control architecture
whenever there is no problem with blocking, e.g., in the
prefix-closed case. It is clear from Theorem 14 that first the
a posteriori supervisors on the group coordinator alphabets
supCN^^ are computed and then the a posteriori supervisor
supCNjj. on the high-level coordinator alphabet is computed.
Otherwise stated, the computation of the a posteriori
supervisors goes in the bottom-up way. The computation of
these supervisors is necessary for obtaining the maximally
permissive solution, i.e., the supremal three-level conditionally
controllable and conditionally-normal sublanguage of
the specification if the sufficient condition of Theorem 13
does not hold.

In the general case, local supervisors supCNj-^^;,., i ∈ Ij,
for at least one group Ij, j = 1,2,...,m, are conflicting
and/or the resulting group supervisors at the higher level
are conflicting. This issue can be solved by computing
coordinators for nonblockingness that we have presented
in [8] for the basic coordination control architecture with
a single (centralized) coordinator that can now be qualified
as the two-level coordination control architecture.

It appears then natural to combine the bottom-up computation
of a posteriori supervisors with the bottom-up computation
of coordinators for nonblockingness, which is proposed
in this section. First of all, it should be noted that, unlike
the prefix-closed case, we do not have a general distributed
procedure to compute the supremal conditionally controllable
and normal languages. We have shown in [8] that, for the
two-level coordination control architecture, the maximally
permissive solutions for non-prefix-closed languages can
be computed in a similar distributed way if the optimal
supervisor for the coordinator is included in the optimal local
supervisors projected to the coordinator alphabet: supC^ C
/\(supCj_|_^) for all local supervisors i. We recall at this
point that the opposite inclusion is always true and if the
equality supC^j. C F’|(.(supC,-^^) does not hold, one may still
compute local supervisors supC,-^^ as described in [8], but
the maximal permissiveness cannot be guaranteed.

Moreover, the typical issue with non-prefix-closed languages
is that the local supervisors supCN,^^., i ∈ Ij, after
the application of the a posteriori group supervisors
supCNj(. are conflicting in general, which corresponds to
the blocking case. Let us recall that group supervisors for
groups j = 1,2,...,m are computed as follows, cf. Eq.
supCN,t^. = 11,e/. supCN{PkjisupCN^^,^.),L{Gkj). We propose
to apply Theorem 7 to all groups j = 1,2,...,m, where
sup. II supCN,;,., i ∈ Ij, denoted by supCN,-^,;,., are
blocking. Namely, we have to extend the alphabets so
that the observer conditions of Theorem 7 are met. Namely,
we need to extend the alphabets A^. so that : {Ai+j^.)* —>
{Akj)* be supCN;_|_,(,^.-observer, for all i ∈ Ij.

The group coordinators for nonblockingness can now be
computed as follows

Ck^ = supCN(||,e/^ F,/supCN,+,^), (10)

Wieij Pkj{^.\ipCIii+kj)Akj,u,Qkj) ■

This means that the final nonblocking supervisor for the
group j ∈ {1,...,m} is given by ||,g/^. supCN,+,t^. || and
we denote it by Nj.

Similarly as within the low-level groups, it may happen
that for K that is not prefix-closed, the languages resulting
from the group supervisors Nj CAjj, j = 1,2,...,m, are
conflicting, thus leading to blocking. Then, Theorem 7 can
be used again. This means that we extend the high-level
coordinator alphabet Ak so that the observer conditions of
that theorem are satisfied. A high-level coordinator for
nonblockingness is then defined by

Ck = supCN(||"Li PkiNj), 117=1 Pk{Nj),Ak,u,Qk) , (11) 

where Ak is the extension of the original (for safety) high-level
coordinator such that Pk :A*j, —>■ [Ai-l^Ak)*, be an
Nj-observer, for all j = 1,...,m.

Now we are ready to formally propose the combined 
approach consisting in the following top-down design of 
coordinators followed by the bottom-up computations of a 
posteriori supervisors and coordinators for nonblockingness. 

The combined approach is formalized in Procedure 2
below. The organization of subsystems into a hierarchical
structure with low-level groups is assumed to be given.

We have shown in previous sections that, for prefix-closed
languages, Procedure 2 yields the supremal three-level
conditionally controllable and conditionally normal sublanguage
of K. This cannot be guaranteed in the general case; however,
we have a distributed and hierarchical (sometimes referred
to as heterarchical) way to compute a safe (although possibly
not maximally permissive) and nonblocking supervisor.

We note that the computational complexity of all steps in
Procedure 2 is polynomial in fairly small parameters (number
of states and events of subsystems combined with coordinators)
provided the projections to all coordinator alphabets
satisfy the observer condition, in which case there is no
problem with a possibly exponential size of the projected
generators, and these are guaranteed to be smaller than the
non-projected generators.
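
The conflict test that decides whether a coordinator for nonblockingness is needed (steps 8 and 10 of Procedure 2), written as an added example that is not from the paper: for trim deterministic automata, two marked languages are conflicting exactly when their synchronous product has a reachable state from which no marked state can be reached. The dictionary encoding, the function names and the sample automata SUP_1, SUP_2 and SUP_2_OK are constructed for illustration.

```python
from collections import deque

def dfa(alphabet, init, marked, edges):
    """Deterministic automaton; edges are (state, event, next_state) triples."""
    return {"alphabet": set(alphabet), "init": init, "marked": set(marked),
            "delta": {(s, e): t for s, e, t in edges}}

def sync_product(a, b):
    """Reachable part of a || b: shared events move both components together,
    private events move only the component that owns them."""
    init = (a["init"], b["init"])
    succ, queue = {init: set()}, deque([init])
    while queue:
        x, y = state = queue.popleft()
        for e in a["alphabet"] | b["alphabet"]:
            nx = a["delta"].get((x, e)) if e in a["alphabet"] else x
            ny = b["delta"].get((y, e)) if e in b["alphabet"] else y
            if nx is None or ny is None:
                continue  # event disabled in a component that owns it
            succ[state].add((nx, ny))
            if (nx, ny) not in succ:
                succ[(nx, ny)] = set()
                queue.append((nx, ny))
    marked = {s for s in succ if s[0] in a["marked"] and s[1] in b["marked"]}
    return succ, marked

def blocking_states(a, b):
    """Reachable product states from which no marked state can be reached."""
    succ, marked = sync_product(a, b)
    pred = {s: set() for s in succ}
    for s, targets in succ.items():
        for t in targets:
            pred[t].add(s)
    coreachable, stack = set(marked), list(marked)
    while stack:
        for s in pred[stack.pop()] - coreachable:
            coreachable.add(s)
            stack.append(s)
    return set(succ) - coreachable

def conflicting(a, b):
    """For trim a and b, L_m(a) and L_m(b) conflict iff a || b blocks."""
    return bool(blocking_states(a, b))

# Constructed sample: two supervisors sharing events s and t; a is private.
SUP_1 = dfa("ast", 0, {2, 3}, [(0, "a", 1), (1, "s", 2), (0, "t", 3)])
SUP_2 = dfa("st", 0, {1}, [(0, "t", 1)])                    # never allows s
SUP_2_OK = dfa("st", 0, {1, 2}, [(0, "t", 1), (0, "s", 2)])  # allows s too
```

With SUP_2, the private event a leads the product into a state that waits for s forever, which is the blocking that a coordinator for nonblockingness has to remove.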

VI. Concluding remarks 

We proposed a new general approach to coordination 
control of DES with partial observations. The approach 
combines the advantages of both the top-down and the 
bottom-up approaches proposed earlier. It consists in a top-down
computation of coordinators (first a high-level coordinator
is computed and then the group coordinators are
computed) followed by the computation of supervisors at
the lowest level (for individual subsystems) and, finally, the
a posteriori supervisors and coordinators for nonblockingness
are computed in a bottom-up manner.






Procedure 2 The combined approach 

1) Extend the shared alphabet A^/, to high-level coordinator
alphabet A<. D A^/, such that K =

2) Construct the high-level coordinator Gk = PkiW^^i l^r') 
and set = L{Gk)- 

3) For all low-level groups Ij, j= 1,2,extend 

the shared event sets of groups to low-level 


coordinator alphabets A^.. ^ Ag/j j so that Pi.^i^{K) = 
Wiei, Pi+kj{K). 

4) Construct the coordinators for low-level groups, that
is, $G_{k_j} = \|_{i \in I_j} P_{k_j}(G_i)$ and set $L_{k_j} = L(G_{k_j})$.

5) Compute the supervisors $\mathrm{supCN}_{k_j} = \mathrm{supCN}(P_{k_j}(K), L(G_{k_j}), A_{k_j,u}, Q_{k_j})$
for group coordinators $L(G_{k_j})$, $j = 1,2,\ldots,m$.

6) Compute supervisors $\mathrm{supCN}_{i+k_j} = \mathrm{supCN}(P_{i+k_j}(K), L(G_i) \| \mathrm{supCN}_{k_j}, A_{i+k_j,u}, Q_{i+k_j})$
for subsystems $i \in I_j$ and for all groups $I_j$, $j = 1,2,\ldots,m$.

7) Compute the a posteriori supervisors supCN,;,. = 

supCN{Pkj{supC'Ni^i^.),L{Gkj),Akj,u,Qkj) for all 


groups ;■= 1 , 2 ,..., 7«. _ 

8) For all groups y G {1,2,...,such that supCN,-^,;,^. := 
supCN,_|_j;, ||supCN,(. , for i G Ij, are conflicting (cf. 
Eq. Q), compute the group coordinators for nonblockingness
using Eq. (10), that is, Ckj = supCN(||;g/^.

Pi/sup CN,11,■£/. Pkj{supCNi^i,.),Ai^,Qkj), and 
set Ckj =Al, for all groups, where supCNj-^^;,. are not 

conflicting. Then the language Nj = |j,G/^ supCN,-^^, || 
Ckj is the resulting nonblocking supervisor for the 
group j. _ 

9) Compute the a posteriori supervisor supCN^;, at the 

high-level (cf. Eq. |^. _ 

10) If the languages Nj || supCN,;, are conflicting, then 
compute the high-level coordinator for nonblocking 
Ck using Eq. (11), i.e. Ck = supCNdlJ^j Pk{Nj),
Pk^,Ak,u,Qk) and set Ck=Al if the languages Nj || 
supCN,(. are not conflicting. 

11) Set II supCN,;. \\Ck as the final closed-loop of the
three-level coordination control based on the combined 
approach. 


The main advantage of the approach is that it combines
the main advantage of the top-down approach, namely the
possibility to compute local supervisors only for the individual
subsystems, with the generality offered by the bottom-up
approach, which makes it possible to leave out the
restrictive conditions for computing maximally
permissive solutions in a distributed way and, owing to the
bottom-up computation of coordinators for nonblockingness,
to leave out the nonconflictingness assumptions. In the
near future, we plan to apply the combined approach to
discrete-event models of large scale systems stemming from
manufacturing and traffic systems. We recall that recently a
weaker condition than normality, called relative observability,
was proposed for monolithic partially observed DES, cf. [1].
It is possible to introduce a distributed version of relative
observability, conditional relative observability [9], and use it
in our multilevel architecture instead of normality.











